package cn.itcast.web.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * 自定义shiro权限过滤器
 *      继承抽象父类：AuthorizationFilter
 *      实现isAccessAllowed方法
 */
public class MyPermissionFilter  extends AuthorizationFilter {

	/**
	 *
	 * @param request
	 * @param response
	 * @param mappedValue 获取所有配置过滤器中的内容
	 */
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
		//1.调用父类中的方法，获取subject对象
		Subject subject = getSubject(request, response);
		//2.获取配置的filter参数 ： "模块管理","删除模块"
		String[] perms = (String[]) mappedValue;
		//3.判断的逻辑：是要有一个满足权限，返回true
		if (perms != null && perms.length > 0) {
			for (String perm : perms) { // "模块管理","删除模块"
				if (subject.isPermitted(perm)) { //判断当前用户是否具有perm权限
					return true;
				}
			}
		}else{
			return true;
		}
		return false;
	}
}
